Merge branch 'webdav' into 'master'
WebDAV + Kerberos support using duplicity
backup notes:
- encryption - archive encryption disabled
- retention - using duplicity defaults: 30 incremental backups until 1 full, keep 60 backups (days)
See merge request !1
diff --git a/README.rst b/README.rst
index fd38c2b..a3c581d 100644
--- a/README.rst
+++ b/README.rst
@@ -12,6 +12,8 @@
Backup client with ssh/rsync remote target
+.. code-block:: yaml
+
backupninja:
client:
enabled: true
@@ -22,6 +24,8 @@
Backup client with s3 remote target
+.. code-block:: yaml
+
backupninja:
client:
enabled: true
@@ -30,8 +34,25 @@
host: s3.domain.com
bucket: bucketname
+Backup client with webdav target
+
+.. code-block:: yaml
+
+ backupninja:
+ client:
+ enabled: true
+ target:
+ engine: dup
+ url: webdavs://user@backup.cloud/example.com/box.example.com/
+ auth:
+ gss:
+ principal: host/${linux:network:fqdn}
+ keytab: /etc/krb5.keytab
+
Backup server rsync/rdiff
+.. code-block:: yaml
+
backupninja:
server:
enabled: true
diff --git a/backupninja/client.sls b/backupninja/client.sls
index 7edf512..3602535 100644
--- a/backupninja/client.sls
+++ b/backupninja/client.sls
@@ -19,7 +19,7 @@
backupninja_postgresql_handler:
file.managed:
- - name: /etc/backup.d/100.pgsql
+ - name: /etc/backup.d/102.pgsql
- source: salt://backupninja/files/handler/pgsql.conf
- template: jinja
- mode: 600
@@ -78,7 +78,7 @@
{%- if client.target is defined %}
-{%- if client.target.engine in ["s3",] %}
+{%- if client.target.engine in ["s3","webdav",] %}
backupninja_duplicity_packages:
pkg.installed:
- names:
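Review bot: The engine test added here matches `"webdav"`, but the WebDAV example this merge adds to README.rst sets `engine: dup`, so with that pillar this branch would not install the duplicity packages unless map.jinja or another state translates the name. Either accept the value the README uses, `{%- if client.target.engine in ["s3","webdav","dup",] %}`, or change the README example to the engine name this condition expects. The `pkg.installed` block guarded by this condition continues outside the hunk.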
@@ -111,8 +111,29 @@
- require:
- pkg: backupninja_packages
{%- endif %}
+
+{%- if client.target.auth.gss is defined %}
+backupninja_gss_helper_{{ backup_name }}_kinit:
+ file.managed:
+ - name: /etc/backup.d/100.{{ backup_name }}-kinit.sh
+ - source: salt://backupninja/files/gss_kinit
+ - template: jinja
+ - mode: 600
+ - require:
+ - pkg: backupninja_packages
+
+backupninja_gss_helper_{{ backup_name }}_kdestroy:
+ file.managed:
+ - name: /etc/backup.d/199.{{ backup_name }}-kdestroy.sh
+ - source: salt://backupninja/files/gss_kdestroy
+ - template: jinja
+ - mode: 600
+ - require:
+ - pkg: backupninja_packages
+
+{%- endif %}
{%- endfor %}
{%- endif %}
-{%- endif %}
\ No newline at end of file
+{%- endif %}
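Review bot: `client.target.auth.gss is defined` dereferences `auth` before testing it, so a target with no `auth` key (the ssh/rsync and s3 examples in the README have none) will most likely fail rendering with an undefined-attribute error unless map.jinja supplies a default. Guard both levels: `{%- if client.target.auth is defined and client.target.auth.gss is defined %}`. A short comment above the two states would also help, for example `# kinit runs first (100.*) and kdestroy last (199.*), so the ticket exists only around the backup handlers numbered between them`, because the pgsql handler rename to 102 only makes sense with that ordering in mind. The enclosing `for` loop and the outer `if` begin outside this hunk.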
diff --git a/backupninja/files/dup.conf b/backupninja/files/dup.conf
index ea9bf17..3cdf1fd 100644
--- a/backupninja/files/dup.conf
+++ b/backupninja/files/dup.conf
@@ -1,6 +1,6 @@
{%- from "backupninja/map.jinja" import client with context %}
{%- from "linux/map.jinja" import system with context %}
-## This is an example duplicity configuration file.
+## This is an example duplicity configuration file.
##
## Here you can find all the possible duplicity options, details of
## what the options provide and possible settings. The defaults are set
@@ -14,7 +14,7 @@
## options = --s3-european-buckets --s3-use-new-style
##
## Default:
-# options =
+options = --no-encryption
## default is 0, but set to something like 19 if you want to lower the priority.
##
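Review bot: `options = --no-encryption` is hard-coded in the shared template, so every duplicity target rendered from it (apparently including the existing s3 one) uploads its archives unencrypted, with no pillar switch to turn encryption back on. Make it opt-in, for example `options = {{ client.target.get("options", "") }}`, and set `--no-encryption` only in the pillar of targets that accept it. The line should also carry a comment saying that confidentiality of the backups then rests entirely on the transport and on the storage provider. The `sign = no` line in the `@@ -62,7 +62,7 @@` hunk follows from the same decision and should move with it.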
@@ -25,11 +25,11 @@
## if 'desturl' is set below, 'testconnect' must be set to 'no' for now.
##
## Default:
-# testconnect = yes
+testconnect = no
## temporary directory used by duplicity, set to some other location if your /tmp is small
## default is either /tmp or /usr/tmp, depending on the system
-##
+##
## Default:
# tmpdir = /tmp
@@ -62,7 +62,7 @@
## default is set to no, for backwards compatibility with backupninja <= 0.5.
##
## Default:
-# sign = no
+sign = no
## ID of the GnuPG public key used for data encryption.
## if not set, symmetric encryption is used, and data signing is not possible.
@@ -70,22 +70,22 @@
## encryptkey = 04D9EA79
##
## Default:
-# encryptkey =
+# encryptkey =
## ID of the GnuPG private key used for data signing.
## if not set, encryptkey will be used, an example setting would be:
## signkey = 04D9EA79
-##
+##
## Default:
-# signkey =
+# signkey =
## password
-## NB: neither quote this, nor should it contain any quotes,
+## NB: neither quote this, nor should it contain any quotes,
## an example setting would be:
## password = a_very_complicated_passphrase
##
## Default:
-# password =
+password = iamuseless
######################################################
## source section
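Review bot: `password = iamuseless` commits a fixed passphrase into the template, and it is harmless only while `--no-encryption` stays in `options`. The comment above `encryptkey` says symmetric encryption is used when no key is set, so re-enabling encryption later would silently protect every backup with this published string. Take the value from pillar and keep the placeholder only for the no-encryption case. If the handler needs a non-empty value even then, say so next to the line: `## placeholder only, required by the handler with --no-encryption; never reuse as a real passphrase`.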
@@ -145,12 +145,12 @@
## perform an incremental backup? (default = yes)
## if incremental = no, perform a full backup in order to start a new backup set
##
-## Default:
+## Default:
# incremental = yes
## how many days of incremental backups before doing a full backup again ;
## default is 30 days (one can also use the time format of duplicity).
-## if increments = keep, never automatically perform a new full backup ;
+## if increments = keep, never automatically perform a new full backup ;
## only perform incremental backups.
##
## Default:
@@ -182,7 +182,7 @@
## the default value of this configuration option is not set:
##
## Default:
-# desturl =
+desturl = {{ client.target.url }}
## Amazon Web Services Access Key ID and Secret Access Key, needed for backups
## to S3 buckets.
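Review bot: `desturl = {{ client.target.url }}` has no guard, so a target that defines `host` and `bucket` rather than `url` (as the s3 README example does) would render an empty or failing `desturl`. With `testconnect = no` set earlier in this file, nothing checks the destination before the first backup run. Wrap the line in `{% if client.target.url is defined %}` and fall back to the commented default otherwise. A comment that credentials must not be embedded in the URL would help too, since the value is written verbatim into this file.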
@@ -190,8 +190,8 @@
## awssecretaccesskey = YOUR_AWS_SECRET_KEY
##
## Default:
-# awsaccesskeyid =
-# awssecretaccesskey =
+# awsaccesskeyid =
+# awssecretaccesskey =
## RackSpace's CloudFiles username, API key, and authentication URL.
## cfusername = YOUR_CF_USERNAME
@@ -199,14 +199,14 @@
## cfauthurl = YOUR_CF_AUTH_URL
##
## Default:
-# cfusername =
-# cfapikey =
-# cfauthurl =
+# cfusername =
+# cfapikey =
+# cfauthurl =
## FTP password, needed for backups using desturl = ftp://...
##
## Default:
-# ftp_password =
+# ftp_password =
## bandwith limit, in Kbit/s ; default is 0, i.e. no limit
## if using 'desturl' above, 'bandwidthlimit' must not be set
@@ -229,25 +229,25 @@
## supports only "-o IdentityFile=..."
##
## Default:
-# sshoptions =
+# sshoptions =
## put the backups under this destination directory
## if using 'desturl' above, this must not be set
## in all other cases, this must be set!
## an example setting would be:
## destdir = /backups
-##
+##
## Default:
-# destdir =
+# destdir =
## the machine which will receive the backups
## if using 'desturl' above, this must not be set
## in all other cases, this must be set!
## an example setting would be:
## desthost = backuphost
-##
-## Default:
-# desthost =
+##
+## Default:
+# desthost =
## make the files owned by this user
## if using 'desturl' above, this must not be set
diff --git a/backupninja/files/gss_kdestroy b/backupninja/files/gss_kdestroy
new file mode 100644
index 0000000..1733cf4
--- /dev/null
+++ b/backupninja/files/gss_kdestroy
@@ -0,0 +1,2 @@
+kdestroy
+
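Review bot: A bare `kdestroy` removes the invoking user's default credential cache (presumably root's here), not just the ticket obtained by the kinit helper, so any other process on the host relying on that cache loses its ticket after each backup. That side effect is not documented anywhere in the change. Add a header comment such as `# removes the ticket obtained by 100.<name>-kinit.sh; acts on the default credential cache`, and consider a dedicated cache for both helpers if the handler chain can share one. The same applies to gss_kinit, which writes to that default cache.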
diff --git a/backupninja/files/gss_kinit b/backupninja/files/gss_kinit
new file mode 100644
index 0000000..8d87183
--- /dev/null
+++ b/backupninja/files/gss_kinit
@@ -0,0 +1,2 @@
+kinit -kt {{ client.target.auth.gss.get("keytab", "/etc/krb5.keytab") }} {{ client.target.auth.gss.get("principal", "host/$(hostname -f)") }}
+
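Review bot: The keytab path and the principal are pasted into the command line unquoted, so a pillar value containing whitespace or shell metacharacters changes what the shell runs. Double quotes still let the `$(hostname -f)` default expand: `kinit -kt "{{ …keytab… }}" "{{ …principal… }}"`. The exit status is not checked either, so a failed kinit probably surfaces only later as an authentication error from duplicity; a comment or an explicit check that logs the failure would make that easier to diagnose. Note also that the README example uses `host/${linux:network:fqdn}` for the principal while the default here is `host/$(hostname -f)`, and the two may not resolve to the same name on every host.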